Battle Comodo's Auto-containment vs any other free security software

Compare list
CCAV 2019
Avast Free 2019
Comodo Antivirus 2019
Other 2019

Nagisa

Level 7
Thread author
Verified
Jul 19, 2018
341
I'd like to just give the avast (free) as an example here. Avast has a behaviour blocker and also its antivirus module is relatively stronger to comodo's. But, there will be times where both of them can't succeed to find the malware. At this time, theoryically, a sandbox can isolate the virus without interfering the program itself. I don't know if there is significant performance loss at this point, though. Even if we press the "Run unlimited", we have a strong HIPS module, doesn't we?
I have never seen the HIPS module in action at the malware tests on youtube, so I can't say a definite thing, though.

I think either there is a problem with Comodo which I don't know yet, or it's just underrated.
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
Does it make sense to focus on AV detection? It seems as if a lot of endpoint protections are now focusing on sandboxing, behavior and AI.
are we judging protection on signatures? - its 2019 not 2009.
Correct, AV is more than static sig-based detection. And sig-based detection itself is more than a simple list of hash values. Nowadays, it is very complex. This is exactly why you want an AV that does the job right, not Comodo AV.

If you have no need for an AV, then don't install CIS. Use Comodo Firewall. But a good AV is an important safety net. It is recommended as part of your security config. That's why you should use the AV of your choice + Comodo Firewall.
 

oldschool

Level 81
Verified
Top Poster
Well-known
Mar 29, 2018
7,044
My opinion is if you use Comodo you must have sure one good second opinion scaner for unknown files. If you have not problem with the high cpu, delays on applications and the false positives, the rest is very secure protection. And the best against ransomware.
[/QUOdTE]

Read the recent posts of Fabian from Emsisoft. They are very enlightening.


I know there are many happy Comodo users. I simply don't find their products very user-friendly. Lots of other good AVs are, and if you harden the OS or use something like VS you complete the package.

Re: Fabian's posts - They certainly are enlightening. Implicit in his thread is the usability factor of an AV, even though he may not emphasize it, or even say it. That's a big factor for me, and probably many ordinary users.
 
Last edited:
L

Local Host

I can hardly call the default-deny nature of Comodo any secure, you lack the tools and effectiness to tell if the file is malicious to begin with.

So you guys are going to run all the Software in a sandbox? Is no different from running Windows Defender with strict rules.

Which brings @shmu26 comment, you need a proper AV to detect and triage the legit files, instead of running everything in a sandbox. Plus this is 2019 indeed, the browsers already run in a container, putting them in a sandbox is useless.
 

LDogg

Level 33
Verified
Top Poster
Well-known
May 4, 2018
2,261
I'm using CCAV with the tweaks from @BoraMurdar.


CCAV + Syshardener is my combo. It's unbeatable light and blows away other light av's like Panda or Eset. (y)

Changed my mind again about CIS Free. think I'll make my own personal judgment for my own machine regarding this AV. If any problems arise, I can make sure I skip the product in the future. Sometimes the only way to gain experience is by conducting things yourself and getting knowledge about the experience you faced, then you can take the pros and cons.

~LDogg
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
I can hardly call the default-deny nature of Comodo any secure, you lack the tools and effectiness to tell if the file is malicious to begin with.
This is true, but if you run it at CS settings, it is pretty secure. At her settings, a malicious file running in sandbox can't hurt you.
But if you use CCAV, and rely on the autocontainment, you risk losing personal data. The malicious file running in the sandbox could call home and exfiltrate what it finds on your system. But it won't be able to make any significant changes to your system.

If CCAV blocks internet connection for contained files, then what I said is not true. But I don't think it does.
 

LDogg

Level 33
Verified
Top Poster
Well-known
May 4, 2018
2,261
I believe within the settings of CCAV you have options to stop inbound/outbound connections of sandboxed applications as indicated here:

210411


Please excuse the fussiness of the image. I believe this would stop or at least mitigate personal data loss. @shmu26

~LDogg
 
Last edited:

mellowtones242

Level 2
Verified
Aug 11, 2018
95
I can hardly call the default-deny nature of Comodo any secure, you lack the tools and effectiness to tell if the file is malicious to begin with.

So you guys are going to run all the Software in a sandbox? Is no different from running Windows Defender with strict rules.

Which brings @shmu26 comment, you need a proper AV to detect and triage the legit files, instead of running everything in a sandbox. Plus this is 2019 indeed, the browsers already run in a container, putting them in a sandbox is useless.

You’re saying Comodo lack the tools and effectiness to tell if the file is malicious to begin with?
 

bribon77

Level 35
Verified
Top Poster
Well-known
Jul 6, 2017
2,392
This is true, but if you run it at CS settings, it is pretty secure. At her settings, a malicious file running in sandbox can't hurt you.
Okay, it would be like an Anti exe, or similar to H_C. What happens is that you have to know if it is good or bad because it denies everything, it would be like an Anti exe, or similar to H_C. VT can help in that or some second opinion scanner
 
Last edited:

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
I believe within the settings of CCAV you have options to stop inbound/outbound connections of sandboxed applications as indicated here:

View attachment 210411

Please excuse the fussiness of the image. I believe this would stop or at least mitigate personal data. @shmu26

~LDogg
Thanks. I haven't looked at CCAV in a while. If you can block outbound connections, that's an important tweak. Users should do it.
 

LDogg

Level 33
Verified
Top Poster
Well-known
May 4, 2018
2,261
Thanks. I haven't looked at CCAV in a while. If you can block outbound connections, that's an important tweak. Users should do it.
No worries. I agree, users should definitely block outbound connection. (off subject, but on topic with outbound connections) It's why I'm using MWFC, functioning the same way, but it does give more informed information about the app that's blocked.

~LDogg
 

LDogg

Level 33
Verified
Top Poster
Well-known
May 4, 2018
2,261
Light and effective? Windows Defender configured via H_C. I don't see the needs for third party av's anymore.
You may not see the need, I can see how you came to that conclusion, but many other users like to explore, use, test, uninstall/install AV products, it's a massive playground for gathering knowledge, experience or just to play test some software. :p

~LDogg
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
The one that opts for a Denial by default is not a person to remove and put programs, he knows what he has and if he wants to try it he does it in Shadow Defender or in a virtual machine.:giggle:
Maybe that's why Comodo appeals to many people. It has such a long list of trusted vendors, you can install most known software without a problem. And at worst, it will be autocontained. It is sort of like default/deny with a soft cushion.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top